I have Vesta Panel, and i have created some user (let's say testuser for example).

Create a web, and put some files inside.
These files has the testuser as owner.
I Set the files permissions as rwx------ (700 - all permissions only for the owner-all other users deny any access)
I Checked that apache proccess run at apache user.
Even all these, the files still is accessible from web- the only way to make this files not accessible is to change owner or remove permissions even from the owner! Why? - is web users inherits the testuser permissions?!
Please help me to understand why this happens...

Yes,
VestaCP-Users inherit permissions as they belong to the group that has web-server.
So if you want to remove a site from access over the web, you should chown it to a user/group that is not existing in VestaCP or just chmod 0000

Yes,
VestaCP-Users inherit permissions as they belong to the group that has web-server.
So if you want to remove a site from access over the web, you should chown it to a user/group that is not existing in VestaCP or just chmod 0000

Ok with this. But if i want my Vesta Users to have write permissions for example to a file and i dont want the web users have, how can achieve this?! the only solution is to change the owner of the file?

Yes,
VestaCP-Users inherit permissions as they belong to the group that has web-server.
So if you want to remove a site from access over the web, you should chown it to a user/group that is not existing in VestaCP or just chmod 0000

Ok with this. But if i want my Vesta Users to have write permissions for example to a file and i dont want the web users have, how can achieve this?! the only solution is to change the owner of the file?

All VestaCP users belong to the webserver group so you can't have web access disabled for them... You will have to tinker alot with permissions yourself.

Yes,
VestaCP-Users inherit permissions as they belong to the group that has web-server.
So if you want to remove a site from access over the web, you should chown it to a user/group that is not existing in VestaCP or just chmod 0000

Ok with this. But if i want my Vesta Users to have write permissions for example to a file and i dont want the web users have, how can achieve this?! the only solution is to change the owner of the file?

All VestaCP users belong to the webserver group so you can't have web access disabled for them... You will have to tinker alot with permissions yourself.

Thank you for your answer. I will change the persmissions my self to strict the access! :)